Spanning tree Portfast Bpdugard
I am trying to see the difference in configuring Bpdugard Globally and on specific interfaces
- when configured On specific Interfaces when it receives superior BPDU the interface will go to err-disable status
-when configured Globally, I do not see any difference, I mean NO ports go to err-disable status.
Any clarification on BPDGUARD when configured globally ?
Thank you
- when configured On specific Interfaces when it receives superior BPDU the interface will go to err-disable status
-when configured Globally, I do not see any difference, I mean NO ports go to err-disable status.
Any clarification on BPDGUARD when configured globally ?
Thank you
Last Comment
SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
First... Are these real switches or packet tracer or GNS?
If they aren't actual, physical switches, we're done. The simulators and emulators have too many inconsistencies.
Second, if we're talking about actual switches, please post the configs and specify which ports are relevant.
If they aren't actual, physical switches, we're done. The simulators and emulators have too many inconsistencies.
Second, if we're talking about actual switches, please post the configs and specify which ports are relevant.
Hi there,
There is no difference in functionality of BPDU guard when configured globally or per interface basis.
The transitioning of the port into err-disabled once a BPDU is received on the BPDU guard enabled is the same in both cases.
There is no difference in functionality of BPDU guard when configured globally or per interface basis.
The transitioning of the port into err-disabled once a BPDU is received on the BPDU guard enabled is the same in both cases.
SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
SW1#sh run
Building configuration...
Current configuration : 1129 bytes
!
! Last configuration change at 01:46:10 CET Tue Jul 19 2016
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
!
hostname SW1
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
clock timezone CET 1 0
no ipv6 cef
ipv6 multicast rpf use-bgp
!
ip cef
!
!
!
!
!
spanning-tree mode rapid-pvst
spanning-tree portfast default
spanning-tree portfast bpduguard default
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
!
!
!
interface Ethernet0/0
duplex auto
!
interface Ethernet0/1
duplex auto
!
interface Ethernet0/2
duplex auto
!
interface Ethernet0/3
duplex auto
!
interface Ethernet1/0
duplex auto
!
interface Ethernet1/1
duplex auto
!
interface Ethernet1/2
duplex auto
!
interface Ethernet1/3
duplex auto
!
interface Ethernet2/0
duplex auto
!
interface Ethernet2/1
duplex auto
!
interface Ethernet2/2
duplex auto
!
interface Ethernet2/3
duplex auto
!
!
no ip http server
!
!
!
!
!
control-plane
!
!
line con 0
logging synchronous
line aux 0
line vty 0 4
login
!
end
SW2#sh run
Building configuration...
Current configuration : 1117 bytes
!
! Last configuration change at 01:43:05 CET Tue Jul 19 2016
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
!
hostname SW2
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
clock timezone CET 1 0
no ipv6 cef
ipv6 multicast rpf use-bgp
!
ip cef
!
!
!
!
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
!
!
!
interface Ethernet0/0
duplex auto
!
interface Ethernet0/1
shutdown
duplex auto
!
interface Ethernet0/2
shutdown
duplex auto
!
interface Ethernet0/3
shutdown
duplex auto
!
interface Ethernet1/0
duplex auto
!
interface Ethernet1/1
duplex auto
!
interface Ethernet1/2
duplex auto
!
interface Ethernet1/3
duplex auto
!
interface Ethernet2/0
shutdown
duplex auto
!
interface Ethernet2/1
shutdown
duplex auto
!
interface Ethernet2/2
duplex auto
!
interface Ethernet2/3
shutdown
duplex auto
!
!
no ip http server
!
!
!
!
!
control-plane
!
!
line con 0
logging synchronous
line aux 0
line vty 0 4
login
!
end
ASKER
As shown in the attached file, on SW2 I shut down e0/0 and e2/2 then brings them back up
the e2/2 on SW1 will go through LIST/LRN/FWD
but does not go to Err-Disable state
the e2/2 on SW1 will go through LIST/LRN/FWD
but does not go to Err-Disable state
ASKER
ASKER
SW1#sh span
VLAN0001
Spanning tree enabled protocol rstp
Root ID Priority 32769
Address aabb.cc00.0100
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address aabb.cc00.0100
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Et0/0 Desg FWD 100 128.1 Shr
Et0/1 Desg FWD 100 128.2 Shr Edge
Et0/2 Desg FWD 100 128.3 Shr Edge
Et0/3 Desg FWD 100 128.4 Shr Edge
Et1/0 Desg FWD 100 128.5 Shr Edge
Et1/1 Desg FWD 100 128.6 Shr Edge
Et1/2 Desg FWD 100 128.7 Shr Edge
Et1/3 Desg FWD 100 128.8 Shr Edge
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Et2/0 Desg FWD 100 128.9 Shr Edge
Et2/1 Desg FWD 100 128.10 Shr Edge
Et2/2 Desg FWD 100 128.11 Shr
Et2/3 Desg FWD 100 128.12 Shr Edge
SW1#sh interfaces statu
Port Name Status Vlan Duplex Speed Type
Et0/0 connected trunk auto auto unknown
Et0/1 connected 1 auto auto unknown
Et0/2 connected 1 auto auto unknown
Et0/3 connected 1 auto auto unknown
Et1/0 connected 1 auto auto unknown
Et1/1 connected 1 auto auto unknown
Et1/2 connected 1 auto auto unknown
Et1/3 connected 1 auto auto unknown
Et2/0 connected 1 auto auto unknown
Et2/1 connected 1 auto auto unknown
Et2/2 connected trunk auto auto unknown
Et2/3 connected 1 auto auto unknown
SW1#
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
This behavior is observed since you have not configured the e2/2 and e0/0 as access ports.
The ports assume a trunk role by default as per my understanding
I thought about that last night after I watched youtube video.
I will try it later
ASKER
Thank you
ASKER
However when I configured BPDUGUARD by Port instead Gloabal...even the ports were Trunk...one of them still went to Err-Disable status
ASKER
These are the Findings:
BPDUGUARD (GLOBAL)
LAB example:
on SW2= Shutdown the Port Connecting to SW1
On SW1:
First the Port(s) facing the Devices that are not supposed to Send BPDUs ; such as computers need to be configured as Access Ports.
Then at the global configuration of the Switch facing the computers, configure with both commands below:
SW1(config)#spanning-tree portfast default
SW1(config)#spanning-tree portfast bpduguard default
on SW2= Type No Shutdown on the Port Connecting to SW1, This will send BPDUs to the access port on SW1 and the port will go into Err-Disable State.
==========================
Per Port
I did not have to configure any port linking SW1 to SW2 as access port , I left them as Trunk
Lab Example
ON SW2: I shutdown the trunk port linking to SW1
On SW1 :
SW1(config-if)#spanning-tr
Then on SW2, I type No Shutdown on the Trunk port
SW1 port went into err-disable state.
BPDUGUARD (GLOBAL)
LAB example:
on SW2= Shutdown the Port Connecting to SW1
On SW1:
First the Port(s) facing the Devices that are not supposed to Send BPDUs ; such as computers need to be configured as Access Ports.
Then at the global configuration of the Switch facing the computers, configure with both commands below:
SW1(config)#spanning-tree portfast default
SW1(config)#spanning-tree portfast bpduguard default
on SW2= Type No Shutdown on the Port Connecting to SW1, This will send BPDUs to the access port on SW1 and the port will go into Err-Disable State.
==========================
Per Port
I did not have to configure any port linking SW1 to SW2 as access port , I left them as Trunk
Lab Example
ON SW2: I shutdown the trunk port linking to SW1
On SW1 :
SW1(config-if)#spanning-tr
Then on SW2, I type No Shutdown on the Trunk port
SW1 port went into err-disable state.
Routers
A router is a networking device that forwards data packets between computer networks. Routers perform the "traffic directing" functions on the Internet. The most familiar type of routers are home and small office cable or DSL routers that simply pass data, such as web pages, email, IM, and videos between computers and the Internet. More sophisticated routers, such as enterprise routers, connect large business or ISP networks up to the powerful core routers that forward data at high speed along the optical fiber lines of the Internet backbone. Though routers are typically dedicated hardware devices, use of software-based routers has grown increasingly common.
49K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
ASKER
on SW2 I shut down the connected interfaces to Switch 1, then brought them back up with No Shutdown.
However nothing happen on Switch1. I mean I do not see the ERR-DISABLE keyword.
Per Port configuration:
I configured the same thing on Interfaces I get the ERR_DIsable when Switch2 interfaces come back up, but Globally I have not seen that happened.